Pulse Detail — Threat Intelligence

PULSE NAME

A Social Engineering Tactic to Deploy Malware

WHITE AlienVault 2024-07-15 Modified: 2024-07-15

IOCs

LOW VOLUME

McAfee Labs uncovered a sophisticated social engineering technique, dubbed 'ClickFix,' for deploying malware such as DarkGate and Lumma Stealer. Victims are lured to compromised websites displaying error messages with instructions to paste scripts in PowerShell, facilitating malware downloads and execution. This deceptive tactic exploits users' trust by masquerading as legitimate error prompts, tricking them into unknowingly executing malicious code that compromises their systems.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1547 T1564 T1204.002 T1137 T1140 T1218 T1112 T1059 T1568 T1608 T1204 T1059.001 T1027 T1486 T1564.003 T1588 T1223 T1105 T1490

MALWARE FAMILIES

DarkGate Lumma Stealer

Indicators of Compromise (7)

All FileHash-SHA256

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA256	5c204217d48f2565990dfdf2269c26113bd14c204484d8f466fb873312da80cf	—	2024-07-15
FileHash-SHA256	e9ad648589aa3e15ce61c6a3be4fc98429581be738792ed17a713b4980c9a4a2	—	2024-07-15
FileHash-SHA256	8c382d51459b91b7f74b23fbad7dd2e8c818961561603c8f6614edc9bb1637d1	—	2024-07-15
FileHash-SHA256	7d8a4aa184eb350f4be8706afb0d7527fca40c4667ab0491217b9e1e9d0f9c81	—	2024-07-15
FileHash-SHA256	07594ba29d456e140a171cba12d8d9a2db8405755b81da063a425b1a8b50d073	—	2024-07-15
FileHash-SHA256	6608aeae3695b739311a47c63358d0f9dbe5710bd0073042629f8d9c1df905a8	—	2024-07-15
FileHash-SHA256	e60d911f2ef120ed782449f1136c23ddf0c1c81f7479c5ce31ed6dcea6f6adf9	—	2024-07-15

References (1)

↗ https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clickfix-deception-a-social-engineering-tactic-to-deploy-malware/